AreWeConnected.com

How To Stop “Form Spammers” (better)

Technology, Wordpress · November 19, 2019

A few weeks ago I showed you how to stop the spammers from swamping you with bogus emails from your comment and IDX system. You can read more about that in “How to Reduce SPAM”. I also touched on your website forms and discussed the idea of Akismet, the Honeypot, and CAPTCHA.

Swamped in SPAM - here's how to stop it.

One of the better answers I had at the time to the problem was to enable a combo of all three (Akismet, Honeypot, and CAPTCHA). But now I think I have an even better answer!

You’re going to hate me for this but I think we need a small review first, shall we? I promise I’ll be very general and very quick.

AKISMET:

Akismet is a product of WordPress.com and is available as a standalone plugin or bundled inside of Jetpack. Either way you get it, it works somewhat by ‘crowdsourcing’. When a person (or bot) tries to leave a comment or submit a form, Akismet gathers the data (IP address, name, email, text and links) that they have and tosses it into a database. The same thing is happening on other websites across the world. If enough people mark a comment or submission as spam, Akismet sees that and stops them from actually submitting their crap. It’s pretty cool.

THE HONEYPOT:

Remember Pooh Bear getting his hand stuck, or his head? The Honeypot is aptly named. The Honeypot is simply a form field that doesn’t show up on the form to you and me, but it does show up to a bot. The computer program used to mass submit spam looks at the code for the fields it needs to fill out. One of those fields (in the code) is the bait. If they enter anything into this field, we got them! SPAM Denied! For humans, we never even see this field as it’s hidden from our view, so we can never get stuck in the honeypot.

CAPTCHA:

I think we all know what this is. We’ve seen a few versions in our brief time on the internet. CAPTCHA stands for the “Completely Automated Public Turing test to tell Computers and Humans Apart” – did you know that?

That makes sense and we can see how it might work when we’re supposed to write the words we see in 2 smudged images (these were called CAPTCHA Ver 1) or click all the boxes that contain Justin Bieber (this is called CAPTCHA Ver 2). Google is working on a new version (Ver 3) that will work quietly in the background and you’ll never even know you passed / failed!

THE PROBLEM:

Each of these systems will work to some degree but are not foolproof. The bad guys are always getting smarter and finding ways to get around any roadblock we construct. For instance, the way around Akismet is to create new and unique identifying factors and we know how easy that would be for a computer. To get around a Honeypot you just need to train your program to identify the trap fields ahead of time. To beat a CAPTCHA they started using humans to identify the words or objects. Using all three in combination worked well for a while.

One of the ideas floating around would be to identify one single aspect that is common with all of these spammers and then block that and thereby block them all. You’re pretty smart and I bet you are going to say,

“Yeah, just block them at the I.P. level,
that’ll get those rat ba$tards!”

and that would be pretty smart. Except they use millions of different I.P. addresses with new ones being added every day.

THE ANSWER:

The truth is there’s no answer. No, I’m not clickbaiting you. The truth is that nothing will ever be foolproof, but…

I have found a solution and it’s pretty simple. It’s based off the idea of finding that one common aspect all of these emails have (and real ones do not).

THE SOLUTION: (you have to click to see)

Yeah, I’m kind of hiding this from the spammers. 🙂

In looking at these emails and the problem everyone is having I was searching the message boards and forums that developers normally hang out in. I came across this very simple idea (It wasn’t mine and I have long since forgotten where or who it was).

The Solution is to simply hide the SUBMIT button based on some aspect that would be common to all the SPAM emails.

The one common aspect in most of these messages is that they contain a link (URL) of sorts. That link is almost always put in a body of text that is in the bulk area of the message.

Sample Spam email notification from Gravity Forms

Conditional Formatting:

Conditional formatting just means that we can create if/then statements. That’s not high level programming stuff. It’s simple “if this happens or doesn’t happen, then do that” kind of stuff – that’s all.

So if most of the spammers want to include a URL in their submission, and all of the URLs start with http… I can simply tell my form that if the message body contains “http” to NOT show the SUBMIT Button! Simple, right?

Here’s a secret video on Conditional Formatting:

UPDATE:

Like I mentioned before, it’s always going to be a seesaw battle. The spammers were blocked, then figured out a way around it and started putting the links into the “Name” field. Ugh!

Like this

OK, so a little addition to my solution will now cover ALL of the fields.

Your move dickheads…
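
The rule from this post, with the update's extension to every field, written out as an added example (it is not the author's form configuration or Gravity Forms code). The field names and sample submissions are constructed, the match is made case-insensitive and applied to nested sub-inputs as a generalization, and the second function assumes the same rule is re-applied wherever the submission is received, because a button hidden in the browser is only seen by clients that actually render the form.

```javascript
// Added example: the post's "contains http" rule applied to every field.
// Field names and sample submissions below are constructed for illustration.

const NEEDLE = "http"; // the marker the post keys on

// Walk a submission (strings, arrays, nested sub-inputs such as a Name
// field's first/last parts) and return the path of every value with a link.
function findLinkFields(value, path = "") {
  if (typeof value === "string") {
    return value.toLowerCase().includes(NEEDLE) ? [path] : [];
  }
  if (Array.isArray(value)) {
    return value.flatMap((v, i) => findLinkFields(v, `${path}[${i}]`));
  }
  if (value !== null && typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) =>
      findLinkFields(v, path ? `${path}.${k}` : k));
  }
  return []; // numbers, booleans, null: nothing to scan
}

// Browser side: decides whether the SUBMIT button is shown.
function shouldShowSubmit(formValues) {
  return findLinkFields(formValues).length === 0;
}

// Receiving side (assumed): same rule, applied to what actually arrived.
function validateSubmission(posted) {
  const offending = findLinkFields(posted);
  return { accepted: offending.length === 0, offending };
}

// Constructed sample submissions.
const genuine = {
  name: { first: "Pat", last: "Lee" },
  email: "pat@example.com",
  message: "Can you call me about a site rebuild?",
};
const linkInBody = { ...genuine, message: "Great post! HTTP://spam.example/buy" };
const linkInName = { ...genuine, name: { first: "https://spam.example", last: "x" } };

for (const sample of [genuine, linkInBody, linkInName]) {
  console.log(validateSubmission(sample));
}
```

The `offending` list names the field that tripped the rule, which makes it easy to see when spammers move their links to a different field, as happened with the “Name” field in the update.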

Photo by Kelly Sikkema,  Nadine Shaabana, and  Jose Aragones on Unsplash

Mike Mueller
VP of Happiness at AreWeConnected.com
A former professional hand model, Mike builds Custom WordPress Websites that rock!

